microsoft-store-infected-feature-image

Microsoft Store Infected With Malware

Check Point Research, a company that provides leading cyber threat intelligence, has discovered malware permeating the Microsoft Store. The malware is being delivered via malicious clones of popular apps, mostly games, and has already been known to have infected more than 5000 machines.

The malware, dubbed Electron Bot, is a backdoor that provides the attacker with complete control over compromised machines. Electron Bot’s main capabilities as analyzed by CPR are:

  • SEO poisoning, an attack method in which cybercriminals create malicious websites and use search engine optimization tactics to make them show up prominently in search results
  • Ad Clicker, a computer infection that runs in the background and constantly connects to remote websites to generate ‘clicks’ for advertisements
  • Promote social media accounts, to direct traffic to specific content and increase views and ad clicking to generate profits
  • Promote online products to generate profits with ad clicking or increase store rating for higher sales

In addition, the malware’s payload contains functions that control social media accounts on Facebook, Google and Sound Cloud. It can register new accounts, log in, and comment on and “like” other posts ~ source

Malware

In its report, CPR has included the following list of publishers known to have released malicious game apps:

  • Lupy games
  • Crazy 4 games
  • Jeuxjeuxkeux games
  • Akshi games
  • Goo Games
  • Bizzon Case


It appears Electron Bot is a malware-for-hire being sold to third parties who want to increase online profits illegitimately. It is important to note that, while the effects of the existing version of Electron Bot are not considered catastrophic, the code could easily be modified to fetch a secondary payload such as a RAT (Remote Access Trojan) or Ransomware. CPR advises users to:

  • Avoid downloading an application with a small number of reviews
  • Look for applications with good, consistent, and reliable reviews
  • Pay attention to suspicious application naming which is not identical to the original name

Personally, I would recommend not downloading anything from the Microsoft Store for the time being. At least until Microsoft issues assurances that the malware has been cleaned out and the company has implemented a far more stringent/effective screening process.

BOTTOM LINE:

How ironic is it that, while Microsoft is forcing obscure security protocols down Windows users’ throats, the company is seemingly unable to protect its own backyard? With the recent news that Google Play Store is hosting an Android banking trojan with over 50,000 installations to date, it seems these “app stores” are a major (and easy?) target for cybercriminals.

2 thoughts on “Microsoft Store Infected With Malware”

    1. Sorry, not quite with you… find and delete what exactly?

      If you think you might have installed one or more of the malicious games from the Microsoft Store, check out the list of publishers known to have released malicious games included in the above article and make sure none of your games have come from one of those publishers.

Comments are closed.

Scroll to Top